Email: 0x007er@gmail.com

Description: This article is original, but it is also very shallow; I am just sharing some ideas of my own, in the spirit of a little popular science.

We often see online vulnerability scanning sites, for example 360 Website Security Detection, ScanV Website Security Detection and so on. The best one I have ever used is BugScan (www.bugscan.net). In general the accuracy of these vulnerability scanners is very high, especially BugScan's. However, before they will scan a site for vulnerabilities you must pass verification, proving that the website belongs to you. Usually this means uploading a txt file to the root directory of the website or adding a line of code to the index page. Once verification passes, the vulnerabilities found are reported to the user.

Because I used to like using BugScan for initial vulnerability detection, I have long been frustrated by this verification mechanism, so I kept wondering how to get around it. Then one day I finally worked it out, and I am sharing it here. Actually, everything above is just preamble, and of course this method does not work in 100% of cases.

First case: a website on a single server is normally reached through its domain name, but some can also be reached directly through the IP address. If that is the situation, it is the simplest. We resolve a domain name of our own, XXX.XX.COM, directly to that IP address and submit it for scanning. For the scanner's verification step, XXX.XX.COM is resolved to our own server, and the txt file check passes. This is the best method, but not every site can be accessed through an IP address.

Second case: someone has probably guessed it already, and that is a reverse proxy. We use the nginx reverse proxy and let XXX.XXX.COM proxy the entire website. If we submit that to the scanner, the situation is similar to the first case: after the scan has found the vulnerabilities, resolve the domain name back to your own server and pass verification.
Third case: when we use the second method we run into a problem: on many websites, such as www.AAA.com, the links to sub-pages are hard-coded as www.aaa.com/xxx, so even through a reverse proxy these URLs are not replaced. During the scan the scanner sees that www.aaa.com and xxx.xxx.com are not the same domain name and filters those links out without scanning them, so only the front page gets scanned. This is a very annoying problem. The method I thought of is to have the reverse proxy rewrite the response body with nginx's `--with-http_sub_module` (the sub_filter module), replacing every occurrence of www.aaa.com with xxx.xxx.com. There are many articles on how to do this; for details see http://www.xxorg.com/archives/749. This is only offered as a way of thinking, and I hope you will not laugh at it. Of course, this method is not always effective, because some websites are configured so that they cannot be reverse proxied, as you know.
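The closing remark above, that some sites are configured so that they cannot be reverse proxied, is the site owner's side of this story. The configuration below is an added example, not code from the original post: an nginx setup in which the application is served only under its own canonical hostname, so a request that arrives under any other name (for instance one relayed through a third-party domain) receives no content at all. The hostname www.aaa.com is the placeholder used in the post; the certificate paths and web root are assumptions.

```nginx
# Added example (not from the original post): serve content only under the
# site's own hostname. www.aaa.com is the post's placeholder name; the
# certificate paths and the web root are assumptions.

# Catch-all block: any Host header that matches no other server_name lands
# here. 444 is an nginx-specific code that closes the connection without
# sending a response, so an unknown name gets nothing back.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/certs/placeholder.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/placeholder.key;   # placeholder path
    return 444;
}

# Bare domain and plain-HTTP requests are redirected to the canonical
# https://www.aaa.com instead of being served, so there is exactly one
# origin that ever returns application content.
server {
    listen 80;
    server_name aaa.com www.aaa.com;
    return 301 https://www.aaa.com$request_uri;
}

server {
    listen 443 ssl;
    server_name aaa.com;
    ssl_certificate     /etc/nginx/certs/aaa.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/aaa.com.key;   # placeholder path
    return 301 https://www.aaa.com$request_uri;
}

# The only block that serves the application.
server {
    listen 443 ssl;
    server_name www.aaa.com;
    ssl_certificate     /etc/nginx/certs/aaa.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/aaa.com.key;   # placeholder path

    root  /var/www/aaa;   # assumed web root
    index index.html;

    # Log the Host header alongside the request so that traffic arriving
    # under an unexpected name is visible in review (format name is assumed).
    log_format hostlog '$remote_addr "$host" "$request" $status';
    access_log /var/log/nginx/aaa-access.log hostlog;
}
```

This is a first filter rather than a complete defence: it only affects requests whose Host header is not one of the site's own names, and the access log line with `$host` is what lets an operator notice unexpected names reaching the backend at all.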